
How to disable auto generated routes by Active Storage

I am upgrading an existing application to Rails 5.2.

The old application is using Paperclip for file storage, and I am trying to move that to ActiveStorage.

My app exposes an API that allows users to securely upload files (using key/secret pairs to sign requests).

When I installed ActiveStorage, I found several new routes:

      rails_service_blob GET  /rails/active_storage/blobs/:signed_id/*filename(.:format)                               active_storage/blobs#show
rails_blob_representation GET  /rails/active_storage/representations/:signed_blob_id/:variation_key/*filename(.:format) active_storage/representations#show
       rails_disk_service GET  /rails/active_storage/disk/:encoded_key/*filename(.:format)                              active_storage/disk#show
update_rails_disk_service PUT  /rails/active_storage/disk/:encoded_token(.:format)                                      active_storage/disk#update
     rails_direct_uploads POST /rails/active_storage/direct_uploads(.:format)                                           active_storage/direct_uploads#create

How can I disable those routes so that random uploads to my app are not allowed?

Eduard asked Sep 25 '18 11:09



1 Answer

To securely remove all ActiveStorage routes without side effects, add this to config/application.rb:

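class Application < Rails::Application
  # ...
  # Drop Active Storage's routes file from the paths the routes reloader
  # loads, so none of the /rails/active_storage/* routes are drawn.
  initializer(:remove_activestorage_routes, after: :add_routing_paths) do |app|
    app.routes_reloader.paths.delete_if { |path| path =~ /activestorage/ }
  end
  # ...
end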

I advise against replacing require 'rails/all' in config/application.rb with a list of rails gems grabbed from rails source code, which is often recommended.

SkatEddy answered Oct 27 '22 01:10
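
One way to confirm that the initializer above took effect, as an added example that is not part of the original answer: this Ruby script parses `rails routes` output and reports any Active Storage routes still present, separating out the ones that accept writes. The sample listing is constructed from the routes quoted in the question; the `api_uploads` route and all function names are assumptions made for illustration.

```ruby
# Added example: audit `rails routes` output for Active Storage endpoints.
# SAMPLE_ROUTES is constructed: the five routes listed in the question plus a
# hypothetical application route (api_uploads) standing in for the signed API.
SAMPLE_ROUTES = <<~ROUTES
  Prefix Verb URI Pattern Controller#Action
  rails_service_blob GET /rails/active_storage/blobs/:signed_id/*filename(.:format) active_storage/blobs#show
  rails_blob_representation GET /rails/active_storage/representations/:signed_blob_id/:variation_key/*filename(.:format) active_storage/representations#show
  rails_disk_service GET /rails/active_storage/disk/:encoded_key/*filename(.:format) active_storage/disk#show
  update_rails_disk_service PUT /rails/active_storage/disk/:encoded_token(.:format) active_storage/disk#update
  rails_direct_uploads POST /rails/active_storage/direct_uploads(.:format) active_storage/direct_uploads#create
  api_uploads POST /api/v1/uploads(.:format) api/v1/uploads#create
ROUTES

Route = Struct.new(:name, :verb, :path, :action)
VERB = /\A(?:GET|HEAD|POST|PUT|PATCH|DELETE|OPTIONS)(?:\|[A-Z]+)*\z/
WRITE_VERBS = %w[POST PUT PATCH DELETE].freeze

# Parse the column layout printed by `rails routes`; the prefix column is
# optional, so locate the verb column first and read the rest relative to it.
def parse_routes(text)
  text.each_line.map do |line|
    fields = line.split
    i = fields.index { |f| f.match?(VERB) }
    next if i.nil? || fields.size < i + 3
    Route.new(i.zero? ? nil : fields[i - 1], fields[i], fields[i + 1], fields[i + 2])
  end.compact
end

# Routes served by Active Storage controllers or mounted under its path.
def active_storage_routes(routes)
  routes.select do |r|
    r.action.start_with?("active_storage/") || r.path.start_with?("/rails/active_storage")
  end
end

# :exposed lists every remaining Active Storage route; :writable narrows that
# to the ones that accept uploads or modifications.
def audit(text)
  exposed = active_storage_routes(parse_routes(text))
  { exposed: exposed, writable: exposed.select { |r| (r.verb.split("|") & WRITE_VERBS).any? } }
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_ROUTES
  result = audit(text)
  result[:exposed].each { |r| puts "#{r.verb.ljust(6)} #{r.path} -> #{r.action}" }
  puts "#{result[:exposed].size} Active Storage route(s), #{result[:writable].size} writable"
end
```

Save the output of `rails routes` to a file and pass its path as the first argument; with the initializer in place, the expected report is zero Active Storage routes.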